Tagged Questions

IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network.

Each DNS request has an ID of 16bits. In the event that an adversary is unable to sniff the query, a way to spoof the DNS reply is to flood the resolver with many replies.
Request from victim
Query ...

We have a click exchange-type web application that allows users to receive stats boosts within a game. Stats boosts are based off unique IP addresses which poses a problem for users who use proxies or ...

I am currently working as a technical lead on a project at a financial institution and have a question about how to provide the same level of security expected by the business in an application we are ...

I was reading up on why TCP ISNs need to be randomized, which led me to this write up by Tsutomu Shimomura. I understood how IP address spoofing and predicting the ISN helped the attacker establish a ...

Here is my setup:
I will create two REST services that are run on Server B and should only be called from Server A. Both servers are on the same network and I am not able to configure a firewall to ...

For the last 2 days, +/- every 15 minutes, someone is attempting to sign-in to my online email account. When I verify recent activity, the IP address (and the corresponding country) is different for ...

I have a website where users can generate links. I'd like to limit 10 links to a user, but would also like to avoid requiring a login/email. I was thinking about using the IP Address as an identity ...

In an internal network, all machines are firewalled from each other. The firewall has port scan detection and blocking mechanism (say, psd module of iptables).
Question: What are the ways I can block ...

Im using a website and somehow they can find out that i am using a proxy.
My first question is how can they do. How can they find out this? And Second what can i do i mean how can i hide my self, is ...

While reading up on iptables, I saw this article from NixCraft recommending that a server block the following bad addresses:
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
172.16.0.0/12
192.168.0.0/16
224.0.0.0/3
...

I am planning to make a web application deployed on a port more secure by detecting the pattern of the request an then comparing it with the patern next time that IP tries to connect.Any ways to move ...

I am developing a web application. I am planning to skip CAPTCHAs for the initial signup by an IP so as to improve user experience. I was wondering if I am inviting any security risks by doing this. ...

I was wondering that if there is a Local Area Network and one public IP,through which various clients connect(which have been allocated private IP's).Suppose one of the clients spoofs his IP to try to ...

I was talking earlier to a script kiddie and claimed that IP spoofing can increase the upload speed in a DDOS attack?! that does not make any sense to me
According to him if your server has an upload ...

I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try ...

According to this answer, it's possible to send a network packet with a forged source IP address.
So, what methods a server administrator can take to prevent/block a countless requests from faked IP ...

I have a WordPress install which uses the plugin Wordfence. I set Wordfence to block the IP of anyone trying to log in with a non-existent username.
For several months now, I have been getting many ...

Looks like nmap could fake source IP address, and getting a valid response, but only in LAN environment. I'm not sure how it works, here's my thought,
You created a packet with fake IP address and a ...

Quite recently someone had maliciously stolen my pictures and created a fake Facebook and Instagram in my name, with abusive captions under my pictures. However, with the advice from the police, I had ...

This is past experience, and is not the case anymore since I am a programmer now and have nothing to do with security anymore. However in the past I had a person constantly trying to make comments of ...

Little time ago, me and my friends argued if TCP handshake can be passed with a spoofed IP address.
Assume I have a https web server that allows only admin's IP numbers.
Can anyone connect that web ...

I have a question regarding your experience of TCP Sequence Prediction that I am hoping someone could help with.
I am aware of how TCP Sequence Prediction works and how the connection can be hijacked ...

Over the past few days, I've received several spam emails coming from the addresses of a school district. I don't know much about email message headers, but since they contain numerous references like ...

My assumption:
When a firewall is configured to drop spoofed packets, it tries to ping (not necessarily ICMP) the source IP and sees if it belongs to a real host or if it's up, and if not, it drops ...